Site iconSite icon IFSEC Insider | Security and Fire News and Resources

Security for Facilities Managers

Security in eight principles

Increasingly, facilities professionals are required to manage the protection of corporate assets. The UK business community hasn’t been immune to the increase in – and changing nature of – crime and acts of terrorism, whether organised or opportunistic. It doesn’t matter if you’re talking about laptop theft, vandalism of corporate assets or physical assaults on personnel – in many companies, it’s the facilities manager who has to deal with issues of this nature.

By its very nature security management is not a perfect science. The challenge for facilities managers – not to say all others tasked with the security management remit – is to allow themselves to be creative and imaginative when proposing security solutions.

In all cases, the approach adopted needs to be proactive – and it’s with this spirit in my mind that we’ve published the ‘Good Practice Guide to Security Management’.

The assessment process

At the heart of any planned security programme is the risk and threat assessment document. The process invoked to produce this must consider all of the potential risks, threats and vulnerabilities which may have an impact on the organisation’s security, its premises and other assets.

It’s preferable for such an assessment to be conducted by a trained security professional. In the UK there are no hard and fast regulations concerning the qualifications or competencies of security consultants. However, the Association of Security Consultants (ASC) is a self-regulating body of consultants whose membership is restricted to those who have undertaken to operate independently of systems suppliers or other service providers.

Once your consultant has completed the risk assessment, it’s time to map out a proactive security programme – and the best way for it to be implemented. The ‘Security Toolbox’ is a useful platform for this, based as it is on the tried-and-tested ‘eight principles of security’.

The first of these principles centres on policy and strategy. The absence of a security policy means that little – if any – budget will be set aside for protection regimes. Key factors underpinning policy are the purpose and scope of security, recognising and defining relevant Stakeholders and delineating the organisation’s operational activities.

Information and intelligence

Next up is information and intelligence. Where are the new premises to be located? Who are the other tenants in the building? Who works for our company? How do we check them?

Information and intelligence gathering must be carried out systematically. When selecting new company premises, for example, always scope the local crime trends and statistics by contacting crime prevention officers.

If an existing site is being considered, then a Site Security Survey may be appropriate. This should establish potential issues relating to the physical installation of any systems, such as the number and location of any CCTV cameras and preferred routes for cables and conduits.

The third principle focuses on people and Human Resources. Without doubt, people are the most important part of any security programme. There are advantages and disadvantages in relation to in-house and contracted security teams. Some say in-house staff are more loyal, but they do need regular training and operational support that is – or should be – an integral part of the service. Specifying the technical means

There’s no doubting the value that technology now brings to security’s table. CCTV, ANPR, intruder alarms, access control (conventional or biometric), car park barriers and vehicle blockers are but some of the almost essential solutions companies now employ as part of their day-to-day security programme.

Only proven systems should be included in your specification. Clearly, the size of the budget will have a key impact on the scale and quality of the final security programme but, if you use the eight principles wisely, it should be possible to achieve sound results.

The fifth principle is all about control and supervision. Who’s in charge? Who has genuine ‘ownership’ of the security issue? Confusion here can be dangerous, particularly in an emergency. For the purposes of day-to-day security management there must be one point of contact and one only.

The definition of procedures is crucial. Even the best security people and technology in the world will not produce optimum, safe results without workable procedures. Sometimes, these are referred to as Standard Operating Procedures. They must be understood, simple, accessible and adhered to at all times.

Procedures will vary widely according to the nature and size of the host organisation but should cover, for instance, issues relating to access control, the securing of rooms and computer equipment and emergency procedures for evacuation.

Tests, drills and audits

The seventh principle concentrates on tests and drills. These determine whether or not the security regime established satisfies the defined policy and strategy. Circumstances change, thus systems must be tested and worked through on a frequent basis.

Meanwhile, the objective of audits is to determine whether the current policy and strategy remains adequate for containing perceived risks and threats. Indeed, the value of internal and external audits, properly conducted, cannot be overstated.

It’s also advisable to employ the professional expertise of external security specialists/auditors whenever you can.

Exit mobile version